Hi all,

I'm writing a document on the genpkey application and I observed an
interesting behaviour.

When I create an EC key with ecparam, and bind that to a certificate as
shown in steps 1 to 3, that certificate works fine with Apache.

[1] openssl ecparam -out ecParamKey.pem -name secp384r1 -genkey
[2] openssl req -new -key ecParamKey.pem -outform PEM -out ecParamCsr.pem
[3] openssl x509 -req -in ecParamCsr.pem -signkey ecParamKey.pem -outform PEM -out ecParamCert.pem

If I try to achieve the same result with genpkey as shown in steps
4-7, then the certificate does not work with Apache.

[4] openssl genpkey -genparam -algorithm EC -pkeyopt ec_paramgen_curve:secp384r1 -out genPkeyParam
[5] openssl genpkey -paramfile genPkeyParam -outform PEM -out genPkeyKey.pem
[6] openssl req -new -key genPkeyKey.pem -outform PEM -out genPkeyCsr.pem
[7] openssl x509 -req -in genPkeyCsr.pem -signkey genPkeyKey.pem -outform PEM -out genPkeyCert.pem

genpkey does not append the curve parameters to the key. Even if I
concatenate the parameters and key by hand, the resulting certificate does
not work. Is this the expected behaviour of genpkey or is it a bug?

Ubuntu 13.10
OpenSSL 1.0.1e 11 Feb 2013
Apache/2.4.6

Cheers,

Cagri
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
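
Added example, not part of the original post: a shell helper that reports which PEM blocks a key file contains and which named curve an "EC PARAMETERS" block encodes, so the output of step 1 (ecparam -genkey writes "EC PARAMETERS" followed by "EC PRIVATE KEY") can be compared with the output of step 5 (genpkey writes a PKCS#8 "PRIVATE KEY" block) and with a hand-concatenated file. The function names, sample file names and placeholder key bodies are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report which PEM blocks a
# private-key file holds and which named curve its "EC PARAMETERS" encodes.

# Print "[LABEL]" for every PEM block in file $1, in order, on one line.
pem_labels() {
    tr -d '\r' < "$1" |
        sed -n 's/^-----BEGIN \(.*\)-----$/[\1]/p' | tr -d '\n'
}

# Name the private-key container found in file $1.
key_format() {
    case "$(pem_labels "$1")" in
        *"[EC PARAMETERS]"*"[EC PRIVATE KEY]"*) echo sec1-with-params ;;
        *"[EC PARAMETERS]"*"[PRIVATE KEY]"*)    echo pkcs8-with-params ;;
        *"[EC PRIVATE KEY]"*)                   echo sec1 ;;
        *"[ENCRYPTED PRIVATE KEY]"*)            echo pkcs8-encrypted ;;
        *"[PRIVATE KEY]"*)                      echo pkcs8 ;;
        *)                                      echo no-private-key ;;
    esac
}

# Decode the EC PARAMETERS block (a DER OBJECT IDENTIFIER) and name the curve.
param_curve() {
    hex=$(tr -d '\r' < "$1" |
        sed -n '/^-----BEGIN EC PARAMETERS-----$/,/^-----END EC PARAMETERS-----$/p' |
        grep -v '^-----' | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    case "$hex" in
        06052b81040022)       echo secp384r1 ;;   # OID 1.3.132.0.34
        06082a8648ce3d030107) echo prime256v1 ;;  # OID 1.2.840.10045.3.1.7
        06052b81040023)       echo secp521r1 ;;   # OID 1.3.132.0.35
        "")                   echo none ;;
        *)                    echo "other:$hex" ;;
    esac
}

# Constructed samples: the labels and the secp384r1 OID are real, the key
# bodies ("AAAA") are placeholders, not key material.
write_samples() {
    printf '%s\n' '-----BEGIN EC PARAMETERS-----' 'BgUrgQQAIg==' \
        '-----END EC PARAMETERS-----' '-----BEGIN EC PRIVATE KEY-----' \
        'AAAA' '-----END EC PRIVATE KEY-----' > "$1/ecparam-style.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' \
        '-----END PRIVATE KEY-----' > "$1/genpkey-style.pem"
}
```

Source the file, then run key_format and param_curve on ecParamKey.pem and genPkeyKey.pem from the steps above to see which container each command produced.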